Thesis
Mutual influences of cybersecurity and law
- Creator
- Rights statement
- Awarding institution
- University of Strathclyde
- Date of award
- 2025
- Thesis identifier
- T17320
- Person Identifier (Local)
- 201975807
- Qualification Level
- Qualification Name
- Department, School or Faculty
- Abstract
- The use of computers at every level and place in society comes with costs in terms of cybersecurity. The positive effects of the current usage of digital devices and software are ease, speed, and exponentially reducing costs. The disadvantages are adversaries being able to attack individuals, corporations, and states at any time and at any point. The use of software and hardware has become the norm, and they are embedded and used everywhere in society. The law must adapt to understand this new digital reality. This thesis tackles this problem in three different themes. For legislation to work, it must cover the necessary legal subjects. This is a problem facing Medical Device Regulation in the European Union (EU) and this thesis suggests expanding the notion of intention. While it may prove more costly for the authorities and manufacturers, it will benefit patients in the form of increased security, and therefore safety. The thesis also clearly shows how cybersecurity should be understood within the context of the Regulation. A unique cybersecurity-based taxonomy for attacks on surgical robots is included, also used in the case law analysis provided, consisting of a small analysis of Danish law and procedural considerations regarding reimbursement cases involving cyberattacks in court. The thesis finds that reimbursement involving cyberattacks should be possible, demonstrating that flexibility within the law is required for it to function within a technologically changing society. New surveillance technologies bring new Human Rights and technology-based threats. In the case of Client-side Scanning, the focus is on what happens when these technologies break, leak, or are manipulated. First, a new definition of Client-side Scanning is created, followed by a cybersecurity analysis of the term.
The thesis then shows how these systems can be a risk, but also how other Client-side Scanning systems may be considered in the future within the framework of the European Human Rights Convention. While privacy is always at risk regarding surveillance systems, the thesis notes that things like admissibility of evidence and incrimination may also be difficult issues to handle within the Convention, and that states should carefully legislate for the usage of the systems to ensure that they do not violate the Convention. Resilience is a central tool to enable robust cybersecurity, both in a legal and technical sense. The upcoming legislation in the EU, the Cyber Resilience Act, is an important step towards enforcing resilience in practice on all digital systems. Together with existing and upcoming regulation, it paves the way for a higher level of security and compliance, even if it is limited by its reach as product legislation. The thesis analyses the Act in the context of supply chain cybersecurity and discusses two cases of supply chain attacks and the implementation of NIS 1 in three jurisdictions. A picture emerges of a significant gap between national cybersecurity and internationally-founded supply chain security. While this raises concern and criticism, the Act does offer some solutions to the clear issues presented by Supply Chain Security.
- Advisor / supervisor
- Schippers, Birgit
- Revie, Crawford W.
- Daly, Angela
- Nagaraja, Shishir
- Resource Type
- DOI
Relations
Items
Title | Date Uploaded | Visibility |
---|---|---|
PDF of thesis T17320 | 2025-05-12 | Public |